<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html 
     PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <title>Module: ActionController::HttpAuthentication::Basic</title>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
  <meta http-equiv="Content-Script-Type" content="text/javascript" />
  <link rel="stylesheet" href="../../.././rdoc-style.css" type="text/css" media="screen" />
  <script type="text/javascript">
  // <![CDATA[

  function popupCode( url ) {
    window.open(url, "Code", "resizable=yes,scrollbars=yes,toolbar=no,status=no,height=150,width=400")
  }

  function toggleCode( id ) {
    if ( document.getElementById )
      elem = document.getElementById( id );
    else if ( document.all )
      elem = eval( "document.all." + id );
    else
      return false;

    elemStyle = elem.style;
    
    if ( elemStyle.display != "block" ) {
      elemStyle.display = "block"
    } else {
      elemStyle.display = "none"
    }

    return true;
  }
  
  // Make codeblocks hidden by default
  document.writeln( "<style type=\"text/css\">div.method-source-code { display: none }</style>" )
  
  // ]]>
  </script>

</head>
<body>



    <div id="classHeader">
        <table class="header-table">
        <tr class="top-aligned-row">
          <td><strong>Module</strong></td>
          <td class="class-name-in-header">ActionController::HttpAuthentication::Basic</td>
        </tr>
        <tr class="top-aligned-row">
            <td><strong>In:</strong></td>
            <td>
                <a href="../../../files/vendor/rails/actionpack/lib/action_controller/http_authentication_rb.html">
                vendor/rails/actionpack/lib/action_controller/http_authentication.rb
                </a>
        <br />
            </td>
        </tr>

        </table>
    </div>
  <!-- banner header -->

  <div id="bodyContent">



  <div id="contextContent">

    <div id="description">
      <p>
Makes it dead easy to do HTTP <a href="Basic.html">Basic</a>
authentication.
</p>
<p>
Simple <a href="Basic.html">Basic</a> example:
</p>
<pre>
  class PostsController &lt; ApplicationController
    USER_NAME, PASSWORD = &quot;dhh&quot;, &quot;secret&quot;

    before_filter :authenticate, :except =&gt; [ :index ]

    def index
      render :text =&gt; &quot;Everyone can see me!&quot;
    end

    def edit
      render :text =&gt; &quot;I'm only accessible if you know the password&quot;
    end

    private
      def authenticate
        authenticate_or_request_with_http_basic do |user_name, password|
          user_name == USER_NAME &amp;&amp; password == PASSWORD
        end
      end
  end
</pre>
<p>
Here is a more advanced <a href="Basic.html">Basic</a> example where only
Atom feeds and the XML API is protected by HTTP authentication, the regular
HTML interface is protected by a session approach:
</p>
<pre>
  class ApplicationController &lt; ActionController::Base
    before_filter :set_account, :authenticate

    protected
      def set_account
        @account = Account.find_by_url_name(request.subdomains.first)
      end

      def authenticate
        case request.format
        when Mime::XML, Mime::ATOM
          if user = authenticate_with_http_basic { |u, p| @account.users.authenticate(u, p) }
            @current_user = user
          else
            request_http_basic_authentication
          end
        else
          if session_authenticated?
            @current_user = @account.users.find(session[:authenticated][:user_id])
          else
            redirect_to(login_url) and return false
          end
        end
      end
  end
</pre>
<p>
In your integration tests, you can do something like this:
</p>
<pre>
  def test_access_granted_from_xml
    get(
      &quot;/notes/1.xml&quot;, nil,
      :authorization =&gt; ActionController::HttpAuthentication::Basic.encode_credentials(users(:dhh).name, users(:dhh).password)
    )

    assert_equal 200, status
  end
</pre>
<p>
On shared hosts, Apache sometimes doesn&#8216;t pass authentication headers
to FCGI instances. If your environment matches this description and you
cannot <a href="Basic.html#M000207">authenticate</a>, try this rule in
public/.htaccess (replace the plain one):
</p>
<pre>
  RewriteRule ^(.*)$ dispatch.fcgi [E=X-HTTP_AUTHORIZATION:%{HTTP:Authorization},QSA,L]
</pre>

    </div>


   </div>

    <div id="method-list">
      <h3 class="section-bar">Methods</h3>

      <div class="name-list">
      <a href="#M000207">authenticate</a>&nbsp;&nbsp;
      <a href="#M000212">authentication_request</a>&nbsp;&nbsp;
      <a href="#M000209">authorization</a>&nbsp;&nbsp;
      <a href="#M000210">decode_credentials</a>&nbsp;&nbsp;
      <a href="#M000211">encode_credentials</a>&nbsp;&nbsp;
      <a href="#M000208">user_name_and_password</a>&nbsp;&nbsp;
      </div>
    </div>

  </div>


    <!-- if includes -->

    <div id="section">

    <div id="class-list">
      <h3 class="section-bar">Classes and Modules</h3>

      Module <a href="Basic/ControllerMethods.html" class="link">ActionController::HttpAuthentication::Basic::ControllerMethods</a><br />

    </div>




      


    <!-- if method_list -->
    <div id="methods">
      <h3 class="section-bar">Public Instance methods</h3>

      <div id="method-M000207" class="method-detail">
        <a name="M000207"></a>

        <div class="method-heading">
          <a href="#M000207" class="method-signature">
          <span class="method-name">authenticate</span><span class="method-args">(controller, &amp;login_procedure)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000207-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000207-source">
<pre>
    <span class="ruby-comment cmt"># File vendor/rails/actionpack/lib/action_controller/http_authentication.rb, line 95</span>
95:       <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">authenticate</span>(<span class="ruby-identifier">controller</span>, <span class="ruby-operator">&amp;</span><span class="ruby-identifier">login_procedure</span>)
96:         <span class="ruby-keyword kw">unless</span> <span class="ruby-identifier">authorization</span>(<span class="ruby-identifier">controller</span>.<span class="ruby-identifier">request</span>).<span class="ruby-identifier">blank?</span>
97:           <span class="ruby-identifier">login_procedure</span>.<span class="ruby-identifier">call</span>(<span class="ruby-operator">*</span><span class="ruby-identifier">user_name_and_password</span>(<span class="ruby-identifier">controller</span>.<span class="ruby-identifier">request</span>))
98:         <span class="ruby-keyword kw">end</span>
99:       <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000212" class="method-detail">
        <a name="M000212"></a>

        <div class="method-heading">
          <a href="#M000212" class="method-signature">
          <span class="method-name">authentication_request</span><span class="method-args">(controller, realm)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000212-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000212-source">
<pre>
     <span class="ruby-comment cmt"># File vendor/rails/actionpack/lib/action_controller/http_authentication.rb, line 120</span>
120:       <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">authentication_request</span>(<span class="ruby-identifier">controller</span>, <span class="ruby-identifier">realm</span>)
121:         <span class="ruby-identifier">controller</span>.<span class="ruby-identifier">headers</span>[<span class="ruby-value str">&quot;WWW-Authenticate&quot;</span>] = <span class="ruby-node">%(Basic realm=&quot;#{realm.gsub(/&quot;/, &quot;&quot;)}&quot;)</span>
122:         <span class="ruby-identifier">controller</span>.<span class="ruby-identifier">send!</span> <span class="ruby-identifier">:render</span>, <span class="ruby-identifier">:text</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value str">&quot;HTTP Basic: Access denied.\n&quot;</span>, <span class="ruby-identifier">:status</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">:unauthorized</span>
123:       <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000209" class="method-detail">
        <a name="M000209"></a>

        <div class="method-heading">
          <a href="#M000209" class="method-signature">
          <span class="method-name">authorization</span><span class="method-args">(request)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000209-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000209-source">
<pre>
     <span class="ruby-comment cmt"># File vendor/rails/actionpack/lib/action_controller/http_authentication.rb, line 105</span>
105:       <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">authorization</span>(<span class="ruby-identifier">request</span>)
106:         <span class="ruby-identifier">request</span>.<span class="ruby-identifier">env</span>[<span class="ruby-value str">'HTTP_AUTHORIZATION'</span>]   <span class="ruby-operator">||</span>
107:         <span class="ruby-identifier">request</span>.<span class="ruby-identifier">env</span>[<span class="ruby-value str">'X-HTTP_AUTHORIZATION'</span>] <span class="ruby-operator">||</span>
108:         <span class="ruby-identifier">request</span>.<span class="ruby-identifier">env</span>[<span class="ruby-value str">'X_HTTP_AUTHORIZATION'</span>] <span class="ruby-operator">||</span>
109:         <span class="ruby-identifier">request</span>.<span class="ruby-identifier">env</span>[<span class="ruby-value str">'REDIRECT_X_HTTP_AUTHORIZATION'</span>]
110:       <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000210" class="method-detail">
        <a name="M000210"></a>

        <div class="method-heading">
          <a href="#M000210" class="method-signature">
          <span class="method-name">decode_credentials</span><span class="method-args">(request)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000210-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000210-source">
<pre>
     <span class="ruby-comment cmt"># File vendor/rails/actionpack/lib/action_controller/http_authentication.rb, line 112</span>
112:       <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">decode_credentials</span>(<span class="ruby-identifier">request</span>)
113:         <span class="ruby-constant">Base64</span>.<span class="ruby-identifier">decode64</span>(<span class="ruby-identifier">authorization</span>(<span class="ruby-identifier">request</span>).<span class="ruby-identifier">split</span>.<span class="ruby-identifier">last</span> <span class="ruby-operator">||</span> <span class="ruby-value str">''</span>)
114:       <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000211" class="method-detail">
        <a name="M000211"></a>

        <div class="method-heading">
          <a href="#M000211" class="method-signature">
          <span class="method-name">encode_credentials</span><span class="method-args">(user_name, password)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000211-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000211-source">
<pre>
     <span class="ruby-comment cmt"># File vendor/rails/actionpack/lib/action_controller/http_authentication.rb, line 116</span>
116:       <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">encode_credentials</span>(<span class="ruby-identifier">user_name</span>, <span class="ruby-identifier">password</span>)
117:         <span class="ruby-node">&quot;Basic #{Base64.encode64(&quot;#{user_name}:#{password}&quot;)}&quot;</span>
118:       <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000208" class="method-detail">
        <a name="M000208"></a>

        <div class="method-heading">
          <a href="#M000208" class="method-signature">
          <span class="method-name">user_name_and_password</span><span class="method-args">(request)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000208-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000208-source">
<pre>
     <span class="ruby-comment cmt"># File vendor/rails/actionpack/lib/action_controller/http_authentication.rb, line 101</span>
101:       <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">user_name_and_password</span>(<span class="ruby-identifier">request</span>)
102:         <span class="ruby-identifier">decode_credentials</span>(<span class="ruby-identifier">request</span>).<span class="ruby-identifier">split</span>(<span class="ruby-regexp re">/:/</span>, <span class="ruby-value">2</span>)
103:       <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>


    </div>


  </div>


<div id="validator-badges">
  <p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
</div>

</body>
</html>